1. Field of the Invention
The present invention relates, in general, to a method for data security for an information processor, and in particular to data protection for an attachable/detachable recording medium (removable medium).
2. Description of Related Art
It is known to use, as an external storage device for a computer, a removable medium which can be attached to and detached from a system. Removable media have come into widespread use, in part because of their superior portability and in part because the recording medium can be taken out of the storage device. Additionally, it is known that a removable medium provides convenience to an end user in that it can be attached to a computer for immediate use. There are various kinds of removable media, such as an ATA (AT Attachment) card to be used in a PCMCIA (Personal Computer Memory Card International Association) slot, a USB (Universal Serial Bus) card to be attached to a USB port for use, and a magnetic disk or an optical disk to be mounted on a dedicated disk drive (driving device) for use.
These types of removable media can be freely attached to and detached from a storage device as described above, and can be mounted on any computer that is provided with a compatible port or driving device. Sufficient data protection measures may therefore be required, depending on the kind of data to be stored thereon.
Traditionally, setting write-protection or setting a stored data file as a hidden file has generally been implemented as data protection means for a removable medium. However, even with such means, it is possible for a malicious user to read the data, since the data written to the recording medium is itself in a computer-readable format; confidentiality is therefore compromised.
A method of encrypting a data file to be stored in a recording medium is one powerful means for data protection (see for example, Published Unexamined Japanese Patent Application No. 9-237228 (p.3)). According to this method, only a user who has information for decrypting an encrypted data file (decryption key) can use the data, so that sufficient data protection can be ensured.
In a common procedure for encrypting data, a user calls an encryption function of an OS (operating system) or an encryption tool (program) first, and then inputs a passphrase or performs other operations in accordance with the user interface of each tool.
Similarly, when decrypting encrypted data, a user calls a decryption function of the OS or the encryption tool first, and then inputs a passphrase or performs other operations in accordance with the user interface of each tool.
In the technology disclosed in the above-referenced Application No. 9-237228, the inputted passphrase itself is not used for encryption or decryption of data. Instead, key data generated from the passphrase is used and the key data is required when decrypting the data, for example, so that security can be further increased. The operation procedure, however, is not essentially different.
As described above, encryption of the data file is extremely effective as means for protecting data stored in a removable medium. However, encrypting a data file using a traditional encryption function of an OS or an encryption tool requires a user to input a passphrase and perform other troublesome operations every time a data file is encrypted or decrypted, and is not necessarily easy for the user to use.
Especially when a data file recorded on a removable medium is encrypted and decrypted at the time of attachment and detachment of the medium, it has been desired to simplify the operation required for such processing.